NERC CIP Program Recovery

Challenge

A large electric utility received an unfavorable audit that pointed to a significant programmatic breakdown and a lack of cultural understating of NERC CIP standards. Significant gaps existed in the organization’s roles and responsibilities to provide governance and oversight for the standards, procedures were not well maintained or did not exist, and the organization relied on manual methods to document and collect evidence. Operating and technical groups did not understand the NERC CIP standards, requirements, or the implications of not complying. Enterprise and business unit leadership were facing tight timelines to respond to audit findings and a situation where repeat issues would not be tolerated by the regulator or the board.

Process

• Established an operating model and organization for the NERC CIP standards​
• Developed and updated NERC CIP documentation, including seven technical program documents, 11 new CIP procedures, and more than seven updated procedures​
• Developed more than 25 PMs and entered them into Maximo work management tool for recurring CIP requirements; allowed management visibility to oversee on-going CIP tasks​
• Developed eight template job plans with work instructions​
• Prepared and issued computer-based awareness training for more than 800 workers, totaling more than 1,200 courses completed​
• Delivered CIP technical instructor-led training at medium-impact facilities, providing direct training to more than 350 workers​
• Provided initial training to compliance managers and compliance analysts​
• Worked with operational leaders to self-certify they knew how to execute work